🗃️ Decode & Decompile APK
For much of the static and dynamic analysis of a mobile app, reviewing the decompiled source and/or the SMALI files is very useful. In this section we decode and decompile the APK file. The app team will typically provide the APK, but in some cases you will need to install the app from the Google Play Store; the APK can still be pulled from the device after installation. Note that Play Store installs are often split APKs (a base.apk plus configuration splits), so pull all of them, not just base.apk.
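As an added example (not code from the original page), the script below wraps the usual command lines for this step: `adb shell pm path` to locate the installed APK(s), `adb pull` to retrieve them, then `apktool` to decode resources and smali and `jadx` to decompile to Java. The tool names are assumed to be on PATH; `SAMPLE_PM_PATH_OUTPUT` is constructed sample output for a split-APK install, which is the case the parsing function exists to handle.

```python
"""Pull an installed app's APK(s) off a device and decode/decompile them.

Added example, not from the original page. It wraps the adb, apktool and jadx
command lines; the tool names and paths are assumptions about the analyst's
machine, and SAMPLE_PM_PATH_OUTPUT is constructed sample output.
"""
import subprocess
from pathlib import Path
from typing import List

# Constructed sample of `adb shell pm path <package>` output for an app
# installed as split APKs (App Bundle). Each line is "package:<path>".
SAMPLE_PM_PATH_OUTPUT = """\
package:/data/app/~~abc123==/com.example.target-XyZ==/base.apk
package:/data/app/~~abc123==/com.example.target-XyZ==/split_config.arm64_v8a.apk
package:/data/app/~~abc123==/com.example.target-XyZ==/split_config.en.apk
"""


def parse_pm_path_output(output: str) -> List[str]:
    """Extract on-device APK paths from `pm path` output.

    Play Store apps are often split APKs, so `pm path` may print several
    lines; all of them are needed (native libraries usually live in the
    split_config.<abi>.apk, not in base.apk).
    """
    paths = []
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            paths.append(line[len("package:"):])
    return paths


def pull_commands(paths: List[str], outdir) -> List[List[str]]:
    """Build one `adb pull` argv per APK, kept separate so it can be inspected."""
    outdir = Path(outdir)
    return [["adb", "pull", p, str(outdir / Path(p).name)] for p in paths]


def pull_apks(package: str, outdir: Path) -> List[Path]:
    """Locate and pull every APK for `package` (needs adb and a connected device)."""
    outdir.mkdir(parents=True, exist_ok=True)
    output = subprocess.run(
        ["adb", "shell", "pm", "path", package],
        check=True, capture_output=True, text=True,
    ).stdout
    paths = parse_pm_path_output(output)
    if not paths:
        raise RuntimeError(f"{package} is not installed on the device")
    for argv in pull_commands(paths, outdir):
        subprocess.run(argv, check=True)
    return [outdir / Path(p).name for p in paths]


def decode_apk(apk: Path, outdir: Path) -> None:
    """apktool: decode resources, AndroidManifest.xml and classes into smali."""
    subprocess.run(["apktool", "d", "-f", "-o", str(outdir), str(apk)], check=True)


def decompile_apk(apk: Path, outdir: Path) -> None:
    """jadx: decompile DEX bytecode into (approximate) Java source."""
    subprocess.run(["jadx", "-d", str(outdir), str(apk)], check=True)


if __name__ == "__main__":
    import sys
    pkg = sys.argv[1] if len(sys.argv) > 1 else "com.example.target"
    work = Path("work") / pkg
    for apk in pull_apks(pkg, work / "apks"):
        decode_apk(apk, work / "apktool" / apk.stem)
        decompile_apk(apk, work / "jadx" / apk.stem)
```

Run it as `python pull_and_decode.py com.example.target` with a device attached; the apktool output is what the following sections grep through, and the jadx output is what you read.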
🗃️ AndroidManifest Analysis
Now that we have seen how to decode/decompile the application, let's dive in and start looking for sensitive data, exported components (activities, services, receivers, and content providers), and other items to help define our attack surface.
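The manifest triage described above, as an added example rather than code from the original page. It reads the AndroidManifest.xml that apktool writes (already decoded from binary XML) and reports the requested permissions, the application-level flags a tester cares about, and every component reachable from other apps. The exported rule it applies is the platform's: an explicit `android:exported` wins; otherwise a component with an intent-filter is exported and one without is not (the implicit default that Android 12 stopped accepting at install time); a provider without the attribute defaults to not exported on API 17 and later. `SAMPLE_MANIFEST` is constructed.

```python
"""Triage a decoded AndroidManifest.xml for attack-surface items.

Added example, not from the original page. SAMPLE_MANIFEST is a constructed
manifest; point the script at the real file from apktool's output directory.
"""
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional

ANDROID_NS = "http://schemas.android.com/apk/res/android"
COMPONENT_TAGS = ("activity", "activity-alias", "service", "receiver", "provider")

SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.target">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <application android:debuggable="true" android:allowBackup="true"
               android:usesCleartextTraffic="true">
    <activity android:name=".MainActivity" android:exported="true">
      <intent-filter>
        <action android:name="android.intent.action.MAIN"/>
        <category android:name="android.intent.category.LAUNCHER"/>
      </intent-filter>
    </activity>
    <activity android:name=".DeepLinkActivity">
      <intent-filter>
        <action android:name="android.intent.action.VIEW"/>
        <data android:scheme="myapp" android:host="open"/>
      </intent-filter>
    </activity>
    <activity android:name=".InternalActivity" android:exported="false"/>
    <service android:name=".SyncService" android:exported="true"
             android:permission="com.example.target.SYNC"/>
    <provider android:name=".DataProvider"
              android:authorities="com.example.target.data"
              android:exported="true"/>
  </application>
</manifest>
"""


def attr(el: ET.Element, name: str) -> Optional[str]:
    """Read an attribute from the android: namespace."""
    return el.get(f"{{{ANDROID_NS}}}{name}")


def permissions(root: ET.Element) -> List[str]:
    return [attr(p, "name") or "" for p in root.findall("uses-permission")]


def application_flags(root: ET.Element) -> Dict[str, bool]:
    """Application-level settings that widen the attack surface."""
    app = root.find("application")
    return {
        "debuggable": attr(app, "debuggable") == "true",
        "allowBackup": attr(app, "allowBackup") != "false",       # default is true
        "usesCleartextTraffic": attr(app, "usesCleartextTraffic") == "true",
        "networkSecurityConfig": attr(app, "networkSecurityConfig") is not None,
    }


def exported_components(root: ET.Element) -> List[Dict[str, str]]:
    """Components other apps can reach, with the reason each counts as exported."""
    found = []
    app = root.find("application")
    if app is None:
        return found
    for el in app.iter():
        if el.tag not in COMPONENT_TAGS:
            continue
        explicit = attr(el, "exported")
        has_filter = el.find("intent-filter") is not None
        if explicit is not None:
            exported, reason = explicit == "true", "android:exported=" + explicit
        elif el.tag == "provider":
            exported, reason = False, "provider default (not exported on API >= 17)"
        else:
            exported = has_filter
            reason = "implicit: has intent-filter" if has_filter else "implicit: no intent-filter"
        if exported:
            found.append({
                "type": el.tag,
                "name": attr(el, "name") or "",
                "reason": reason,
                # a permission on an exported component restricts who can reach it
                "permission": attr(el, "permission") or "",
            })
    return found


def triage(manifest_xml: str) -> dict:
    root = ET.fromstring(manifest_xml)
    return {
        "package": root.get("package"),
        "permissions": permissions(root),
        "application": application_flags(root),
        "exported": exported_components(root),
    }


if __name__ == "__main__":
    import json, sys
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    print(json.dumps(triage(text), indent=2))
```

In the sample, `.DeepLinkActivity` shows the case that is easy to miss by grepping for `exported="true"`: it has no `android:exported` attribute but carries an intent-filter, so it is reachable via `myapp://open` from any app.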
🗃️ Binary Protections
Java and Kotlin code runs on a managed runtime with automatic memory management, so in most cases it is immune to memory corruption vulnerabilities. The exception is native code: when the app ships libraries written in C/C++ (NDK code, found under lib/<abi>/*.so in the APK), those libraries are exposed to classic memory-safety bugs. They should be checked for compiler and linker hardening: stack canaries, a non-executable stack (NX), and RELRO; position independence is a given for shared objects.
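One way to perform that check on the native libraries from the decoded APK, as an added example (not code from the original page): a deliberately small ELF reader that parses the program headers for `PT_GNU_STACK` (executable-stack flag) and `PT_GNU_RELRO`, and looks for the `__stack_chk_fail` import that `-fstack-protector` leaves in `.dynstr`. `build_sample_so` is a constructed, non-loadable ELF64 image used only to exercise the checks; on real targets cross-check with `checksec` or `readelf -l` / `readelf -s`, and remember that full RELRO additionally needs `DT_BIND_NOW`, which this reader does not parse.

```python
"""Check native libraries (lib/<abi>/*.so) in a decoded APK for hardening flags.

Added example, not from the original page. Small ELF reader for three checks:
stack canary import, non-executable stack, RELRO segment. build_sample_so()
makes a constructed ELF64 image so the checks can run without a real library.
"""
import struct
from pathlib import Path
from typing import Dict, List

PT_GNU_STACK = 0x6474E551   # program header whose flags give stack permissions
PT_GNU_RELRO = 0x6474E552   # region made read-only after relocation
PF_X = 0x1


def check_elf(data: bytes) -> Dict[str, bool]:
    """Parse the ELF header and program headers; handles ELF32/ELF64, LE/BE."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    is64 = data[4] == 2
    end = "<" if data[5] == 1 else ">"
    if is64:
        (e_phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        flags_off = 4            # p_flags follows p_type in Elf64_Phdr
    else:
        (e_phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        flags_off = 24           # p_flags sits near the end of Elf32_Phdr
    has_stack = stack_exec = has_relro = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        (p_type,) = struct.unpack_from(end + "I", data, off)
        (p_flags,) = struct.unpack_from(end + "I", data, off + flags_off)
        if p_type == PT_GNU_STACK:
            has_stack, stack_exec = True, bool(p_flags & PF_X)
        elif p_type == PT_GNU_RELRO:
            has_relro = True
    return {
        # -fstack-protector makes the library import __stack_chk_fail, whose
        # name then appears in .dynstr; absence means no function has a canary.
        "stack_canary": b"__stack_chk_fail" in data,
        # A missing PT_GNU_STACK header is treated as not hardened (conservative).
        "nx": has_stack and not stack_exec,
        # PT_GNU_RELRO present means at least partial RELRO; full RELRO also
        # needs DT_BIND_NOW in .dynamic, which this reader does not parse.
        "relro": has_relro,
    }


def build_sample_so(nx: bool = True, relro: bool = True, canary: bool = True) -> bytes:
    """Constructed ELF64 little-endian AArch64 image: header, program headers,
    and a fake .dynstr blob. Only for exercising check_elf(); it cannot load."""
    phdrs = [(PT_GNU_STACK, 0x6 if nx else 0x7)]          # RW vs RWE stack
    if relro:
        phdrs.append((PT_GNU_RELRO, 0x4))
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\x00" * 8  # 64-bit, LE, version 1
    # e_type=ET_DYN, e_machine=AArch64, e_phoff=64, e_phentsize=56, e_phnum=len
    ehdr = ident + struct.pack("<HHIQQQIHHHHHH",
                               3, 0xB7, 1, 0, 64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    body = b"".join(struct.pack("<IIQQQQQQ", t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)
    dynstr = b"\x00libc.so\x00" + (b"__stack_chk_fail\x00" if canary else b"") + b"abort\x00"
    return ehdr + body + dynstr


def scan_native_libs(decoded_dir: Path) -> Dict[str, Dict[str, bool]]:
    """Run check_elf over every lib/<abi>/*.so in an apktool output directory."""
    results = {}
    for so in sorted(Path(decoded_dir).glob("lib/*/*.so")):
        results[so.relative_to(decoded_dir).as_posix()] = check_elf(so.read_bytes())
    return results


def weaknesses(result: Dict[str, bool]) -> List[str]:
    """Names of the checks that failed, for the report."""
    return [name for name, ok in result.items() if not ok]


if __name__ == "__main__":
    import sys
    for path, res in scan_native_libs(Path(sys.argv[1])).items():
        missing = weaknesses(res)
        print(path, "OK" if not missing else "missing: " + ", ".join(missing))
```

Point it at the apktool output directory; every architecture split must be decoded first, because a release build often ships only the arm64-v8a library and a separate split carries the others.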
🗃️ Hard-Coded Data from APK File
An Android app's configuration can live in many places. Typically it is kept in SQLite databases, JSON, or XML files shipped under assets/ or res/ (res/values/strings.xml is a common home for API keys and URLs). The main configuration file is AndroidManifest.xml, which declares permissions, components (activities, services, receivers, content providers) and their intent filters.
🗃️ Endpoint Discovery and URLs
As part of the information gathering phase, search the decoded/decompiled output for all endpoint URLs and API paths, in resources and assets as well as in the smali/Java code; hard-coded hostnames and paths are the starting list for the server-side part of the test.
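A scanner that serves both of the items above, hard-coded data and endpoint discovery, as an added example (not code from the original page): it walks an apktool/jadx output tree, pulls URLs and API-style paths out of every text-like file, and flags common secret shapes (AWS and Google API keys, PEM private keys, JWTs, `password = "..."` style assignments, and credential-looking entries in strings.xml). The regex set is a starting point rather than an exhaustive one; the XML-namespace URLs that appear in every decoded resource file are filtered out as noise. `write_sample_tree` creates constructed files so the script runs offline.

```python
"""Scan a decoded/decompiled APK tree for hard-coded data and endpoints.

Added example, not from the original page. Covers hard-coded data
(strings.xml, assets/*.json, properties) and endpoint discovery (URLs and
API paths in smali/Java). write_sample_tree() writes constructed files.
"""
import re
import tempfile
from pathlib import Path
from typing import List, Tuple
from urllib.parse import urlparse

SCAN_SUFFIXES = {".xml", ".json", ".smali", ".java", ".kt", ".properties", ".js", ".txt"}
# XML namespaces appear in every decoded resource file; they are not endpoints.
NOISE_URL_PREFIXES = ("http://schemas.android.com/", "http://www.w3.org/")

URL_RE = re.compile(r"""https?://[^\s"'<>\\)]+""")
API_PATH_RE = re.compile(r"""["'](/(?:api|v\d+|graphql|oauth|auth)[A-Za-z0-9_./\-{}]*)["']""")
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
    "jwt": re.compile(r"\beyJ[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}\.[A-Za-z0-9_\-]{10,}\b"),
    # key = "value" in code, "key": "value" in JSON, key=value in properties
    "credential_assignment": re.compile(
        r"""(?i)\b(password|passwd|secret|api[_-]?key|token)\b["']?\s*[:=]\s*["']([^"']{6,})["']"""),
    # <string name="...password...">value</string> in res/values/strings.xml
    "strings_xml_credential": re.compile(
        r"""<string name="([^"]*(?:password|passwd|secret|key|token)[^"]*)">([^<]+)</string>""", re.I),
}

Finding = Tuple[str, int, str, str]   # (relative file, line number, kind, value)


def scan_text(text: str, path: str) -> List[Finding]:
    """Scan one file's contents; `path` only labels the findings."""
    found: List[Finding] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in URL_RE.finditer(line):
            if not m.group(0).startswith(NOISE_URL_PREFIXES):
                found.append((path, lineno, "url", m.group(0)))
        for m in API_PATH_RE.finditer(line):
            found.append((path, lineno, "api_path", m.group(1)))
        for kind, rx in SECRET_PATTERNS.items():
            for m in rx.finditer(line):
                # report the captured value when the pattern has groups
                found.append((path, lineno, kind, m.group(m.lastindex or 0)))
    return found


def scan_tree(root: Path) -> List[Finding]:
    """Walk an apktool/jadx output directory and scan every text-like file."""
    found: List[Finding] = []
    files = sorted(p for p in root.rglob("*") if p.is_file() and p.suffix in SCAN_SUFFIXES)
    for p in files:
        found.extend(scan_text(p.read_text(errors="ignore"), p.relative_to(root).as_posix()))
    return found


def unique_hosts(findings: List[Finding]) -> List[str]:
    """Distinct hosts from URL findings: the list to feed into endpoint testing."""
    return sorted({urlparse(v).netloc for _, _, kind, v in findings if kind == "url"})


def write_sample_tree(root: Path) -> None:
    """Constructed files mimicking apktool output (resources, assets, smali)."""
    files = {
        "res/values/strings.xml": (
            '<?xml version="1.0" encoding="utf-8"?>\n'
            '<resources xmlns:tools="http://schemas.android.com/tools">\n'
            '    <string name="api_base">https://api.example.com/v1/</string>\n'
            '    <string name="legacy_password">hunter22!</string>\n'
            '</resources>\n'
        ),
        "assets/config.json": (
            '{\n'
            '  "googleMapsKey": "AIzaSyA1234567890abcdefghijklmnopqrstuv",\n'
            '  "cdn": "http://cdn.example.com/static",\n'
            '  "secret": "s3cr3t-value-01"\n'
            '}\n'
        ),
        "smali/com/example/net/Api.smali": (
            '.class public Lcom/example/net/Api;\n'
            '.super Ljava/lang/Object;\n'
            '\n'
            '.method public static login()V\n'
            '    .locals 2\n'
            '    const-string v0, "https://api.example.com/v1/login"\n'
            '    const-string v1, "/api/v2/users/{id}"\n'
            '    const-string v1, "Bearer"\n'
            '    return-void\n'
            '.end method\n'
        ),
    }
    for rel, content in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(content)


def scan_sample() -> List[Finding]:
    """Scan the constructed tree in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        write_sample_tree(Path(tmp))
        return scan_tree(Path(tmp))


if __name__ == "__main__":
    import sys
    results = scan_tree(Path(sys.argv[1])) if len(sys.argv) > 1 else scan_sample()
    for path, lineno, kind, value in results:
        print(f"{path}:{lineno}: [{kind}] {value}")
    print("hosts:", ", ".join(unique_hosts(results)))
```

Run it against the apktool directory for resources and assets and against the jadx directory for readable code; the smali form is also covered since `const-string` lines keep the literal intact. Treat every hit as a lead to verify (a key in strings.xml may be a public client key), but each hard-coded host goes straight onto the endpoint list.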
🗃️ Mobile Security Framework
Links: